►
From YouTube: IETF94-OPSAREA-20151105-1520.webm
Description
OPSAREA meeting session at IETF94
2015/11/05 1520
A
A
Otherwise
Scott
will
be
happy
to
answer
questions
as
well,
seeing
as
he
is
in
fact
the
author.
So
this
is
the
joint
ops,
AWG
and
operations
and
management
area
meeting.
These
are
monkeys
on
stage.
This
is
the
agenda.
Actually
we
have
reorganized
it
somewhat
so
that
address
poor
management
and
firewalls
and
internet
security
goes
first
and
then
Joel
doing
an
update
on
private
enterprise
numbers
and
then
some
more
stuff
and
they
stroll.
Would
you
rather
do
pn?
First,
she
has
someone
else
needs
to
go
to
the
airport,
so
say:
no!
A
C
C
Actually,
we
are
working
with
the
man
from
france
telecom,
you
different
comcast
to
turn
from
china
mobile,
and
we
are
on
from
far
away
and
ptree
from
to
my
university
as
a
foreman,
the
current
power.
It
is
not
only
the
problem
in
china
telecom,
we
discussed
it
with
several
operators,
they
all
share
the
same
feeling.
C
Actually
we
in
the
current
situation,
our
our
metro
network,
has
a
lot
of
pure
acid.
For
example,
the
large
mansion
network
will
have
more
than
100
appearances
in
our
network
and
each
pirez
need
to
be
configured
with
the
address
poor
before
and
v6
adjust
poor
and
the
client
will
get
to
address
from
the
pure
acid.
So
currently,
operators
need
to
configure
the
adjust
course
in
parents
in
one
by
one.
So
this
is
a
will
cost
a
great
cost,
a
lot
net
under
the
patent.
The
second
problem
is
for
visa
transition
envisage
transition.
C
We
have
deployed
some
visa
transition
technologies
like
a
siegean
negatives
right.
All
these
technologies
will
also
occupies
them
before
public
address
and
though
we
also
have
to
configure
address
port
in
these
in
these
devices.
These
are
just
pause.
You
can
it
not
different
and
it's
different
with
to
just
pour
it
in
the
inner
previous
one,
so
we
also
have
to
configure
a
lot
of
adjust
port
in
these
different
devices,
so
it
is
very
complicated
to
configure
audio
just
pause
manually
and
the
third.
C
We
also
have
some
Android
devices
like
a
firewall
like
a
VPN,
should
also
be
configured
with
the
just
pause,
so
we
think
it
is
possible
to
to
introduce
a
unified
way
for
this
address.
Poor
management.
So
here
is
the
architecture
in
this
architecture
we
introduce
a
centralized
the
provisioning
citroen
to
allocate
and
just
post
automatically.
So
in
this
architecture,
we
need
to
specify
the
overall
architecture,
the
interface
from
the
previous
return
to
the
agent
and
also
in
a
ginger.
C
We
need
to
interact
or
just
pour
it
into
the
routing
system,
so
we
now
have
the
drafter
it.
We
have
this
draft
and
have
visited
the
name.
So
if
you
have
interest-
and
we
hope
you
can
read
it-
and
we
also
in
this
draft
the
week-
we
also-
we
have
also
this
to
the
overall
procedure-
how
to
initiate
how
to
get
a
new
address,
delete,
a
new
dress
and
the
monitor
the
status
of
the
dress
port
and
the
next.
We
also
define
a
young
model
data
model.
C
This
is
the
kimoto,
includes
address
report,
data
model
and
adjust
post
filtered
data
model.
So
these
have
been
list
here,
two
indices,
another
draft
and
the
these
are
just
poor
management
problem
and
the
finality
is
about
accessible
service
management
problem.
We
are
also
trying
to
offer
access
services
with
more
flexible
way.
For
example,
we
can
introduce
the
controller
in
our
metro
network
to
configure
different
services
for
our
subscribers.
C
For
example,
we
can
offer
band
width
adjustment
service
for
subscribers,
so
the
users
who
can
order
an
higher
bandwidth
if
they
need
and
though
we
can
configure
the
fashion
invitation.
So
it
will
be
easy
to
change
the
statute
number
and
it
was
a
chatty
cat
construct
congestion
on
one
thing:
it
can
be
changed
to
another
one
so
that
that
can
be
achieved.
Yo
games
is
a
same
architecture,
so
we
also
hope
to
define
different
young
models
for
accessing
services
and
so
for
this
working
group.
D
On
this
star
draft
is
new,
so
I,
don't
I'm
not
going
to
ask
how
many
people
have
read
it,
but
if
this
of
interest
to
you,
please
do
read
it
and
comment
on
it
on
the
mailing
list.
This
the
underlying
concept
of
address
managers,
may
not
be
the
right
thing
for
this
working
group,
but
the
yang
model
may
be
so.
Please
take
a
look
at
and
comment
on.
It
I
think
it's
too
early
to
create
a
mailing
list
or
the
like,
but
it
is
worthwhile
just
taking
a
look
at
it.
D
E
Had
a
conversation
with
the
sunset
for
working
group
chairs
earlier
today
arm
this
could
be
argued
to
be
within
their
charter,
not
from
the
anchor
spective,
but
from
the.
What
does
one
do
to
handle
beefy
for
during
an
El
when
things
are
really
crazy
and
what
they
suggested
was
in
essence
that
she
started
with
a
problem
statement.
Tell
us
what
problem
you're
trying
to
solve
and
that
that
could
be
discussed,
perhaps
in
sunset
for
and
it
might
become
apparent
from
there.
Whether
that's
the
right
working
group
or
there
are
other
places
that
it
might
go.
E
F
Matthews
on
to
loosen
I
was
just
wondering
if
you
think
that
address
pool
management
or
address
pool
sounds
like
you're.
Trying
to
configure
a
bunch
of
address,
pools
across
a
bunch
of
devices
and
I
was
wondering
if
you
think
that
that
is
somehow
special
different
than
the
job
of
trying
to
configure
those
devices.
In
other
ways,
I
mean
there
was
a
bunch
of
work
most
operators
these
days,
people
try
to
automate
configuration
a
bit
more,
and
it
strikes
me
that
that
could
be
seen
just
as
a
subset
of
this
more
general
effort.
C
F
I'm
just
wondering
you're
talking
just
about
address,
pools:
okay,
yeah
I
mean
first
of
all,
there's
the
general
solution,
of
course,
of
having
like
a
general,
centralized
dhcp
server,
for
example,
but
it
sounds
like
that.
Those
typically
don't
work
with
firewalls.
It
strikes
me
that
you're
a
problem
that
I
understand
it
is
how
do
you
sort
of
push
the
address,
configure
the
appropriate
pools
down
to
all
these
various
devices
that
they
should
use?
Okay,
yes,.
B
F
C
F
C
F
F
C
F
C
Is
a
just
pours?
Other
configuration
is
address,
address
itself
example
for
dhcp
subscribers
can
get
the
address
from
the
UCP
server,
but
they
can
only
get
a
1
a
dress
or
a
perfect,
but
for
this
case
so
we
need
to
configure
the
devices
we
need
to
configure
for
some
beer
ass
firewall
on
the
they
do
not
until
the
second
you're
Katie
different.
They
need
a
range
of
Josh's,
okay,.
F
I
agree:
the
dhcp
is
at
the
right
mechanism,
but
for
especially
since
DHT,
probably
wouldn't
work
with
your
firewall
configuration
but
I'm
wondering
if
you
had-
and
you
know
there
are
various
operator
groups
I
just
you
know,
came
from
an
anode
meeting
recently
there
were
there
was
lots
of
discussion
about
automatic
ways
to
configuring
network
configuration
and
strikes
me
that
this
is
very
could
be
done
by
that
mechanism
and
I'm.
Just
wondering
do
you
consider
addresses
to
be
special
or
could
it
would?
F
B
G
I
think
I'm
going
to
respond
to
that
a
little
bit.
I
see
cool
management
as
a
as
a
subset
of
a
more
general
problem,
which
is
overall
address
management
and
the
fact
that
we've
sort
of
repeatedly
across
that
ground
many
times
without
actually
solving
the
problem.
I
think,
does
suggest
that
possibly
there's
some
work
to
be
done
here.
So
don't.
G
Maybe
a
pool
is
probably
an
order,
so
I
look
at
this
fairway
positively
and
I.
Think
there
probably
is
something
to
be
got
out
of
that.
What.
D
H
But
not
less,
maybe
also
one
thing
I
want
to
mention
is
that
please
work
on
this
for
now
don't
pay
attention
where
you
should
put
it,
because
you
came
to
me
last
time
asking
where
it
should
go.
I
gave
the
advice
you
come
here.
Maybe
it's
not
the
right
place
maybe
should
go
to
end,
but
basically
this
is
the
problem
of
the
people
here
in
the
management
we're
going
to
find
the
right
place
if
there's
interest.
So
please
work
on
this.
A
I
Afternoon
my
name
is
Fernando
want
and
I
will
be
present
in
the
ID
on
firewalls
in
network
security.
Before
starting
with
a
presentation.
Please
let
me
give
some
background
regarding
this
document
and
some
clarifications.
So
the
background
for
this
document
is
that
there
had
been
one
ID
by
fred
baker.
That
was
on
this
topic
and
I
think,
was
being
had
been
adopted
by
this
working
group
that
I
found
valuable.
I
So
one
day
I
sent
an
email
to
Fred
asking
you
know
what
was
probably,
who
is
that
ID
and
eventually
got
to
know
that
as
far
as
I
understand,
the
idea
had
been
abandoned.
Ok,
since
I
found
it
valuable
first
I
asked
if
they
were
going
to
revise
it,
they
were
not
and
then
I
offered
to
you
know,
pick
up
the
work
and
try
to
continue
moving
the
ID
for
were
studying.
Let's
say
from
from
scratch,
we
are
in
version.
I
So
that's
essentially
the
background
and
the
clarification
is
that
when
we
posted
an
announcement
to
the
mailing
list
regarding
this
ID,
there
was
a
lot
of
discussion
on
section
one
which
was
about
like
history
of
security
at
the
IETF.
That
was
borrow
from
previous
versions
of
a
deep
but
I.
Don't
think
that's
where
the
meat
is
right,
so
I
think
that
this
stuff
and
we
are
going
to
change
or
remove
or
whatever
that
sensually
that
section
in
next
revisions.
I
But
I
think
that
the
stuff
that
deserves
to
be
discussed,
it's
actually
the
breast
of
the
stuff
that
is
in
the
ID.
So
what
is
this
document
about?
It
essentially
tries
to
analyze
the
roles
of
firewalls
in
network
security,
tries
to
analyze
some
assumptions
that
we
usually
have
about
firewalls
and
try
to
discuss
a
number
of
interrelated
the
interoperability
implications
introduced
by
firewalls.
I
should
say
that
myself.
I
Think
that
one
besides,
you
know
increasing
the
understanding
of
all
of
us
on
the
topic.
I
think
that
one
of
the
things
that
we
can
take
home
from
you
know,
working
on
this
topic
is
to
you
know,
help
improve
the
state
of
affairs
and
when
I
talk
about
state
of
affairs,
all
of
us
one
way
or
another
have
seen
or
experienced
a
situation
in
which
you
know
some
protocol
that
needs
to
be
deployed.
It
gets
hard
to
deploy
because
of
a
side
effect
of
the
use
of
firewalls.
I
There
are
times
in
which
that
kind
of
behavior
is
intentional,
but
there
are
other
times
in
week
that
behavior
is
not
intentional
and
I
think
we
could
do
a
little
bit
better
when
it
comes
to.
You
know
the
unintentional
effects
of
firewalls,
as
I
mentioned
before
it's
based
on
these
two
versions.
These
two
versions
were
like
very,
very
different
from
each
other.
So
that's
if
you
wonder
why
I
cite
two
different
versions:
it's
because
of
that
they
were
very
different
from
each
other.
I
Of
course,
those
other
mitigations
are
more
more
expensive.
Other
topics
related
to
the
use
of
firewall,
and
this
one
is
you
hear
it
very
very
frequently
if
that
it
violates
the
end-to-end
principle,
and
this
is
generally
an
argument
made
by
folks
that
are
against
firewalls,
that
they
are
necessarily
evil
because
they
violate
the
end-to-end
principle,
so
they
shouldn't
be
there,
and
the
argument
that
was
already
made
in
the
document
that
Fred
had
authored
was
that,
when
it
comes
to
the
end-to-end
principle,
is
a
plea
for
simplicity
for
simplicity.
I
It
tries
to
you
know
our
gig
gains
in
consistency,
complexity
or
stuff.
That
makes
the
network
more
complex,
but
it
doesn't
really
are,
for
example,
against
the
main
attendances
of
state
in
the
network
or
other
things
such
as,
for
example,
retransmissions
and
the
lower
layers.
Sometimes
the
interim
principal
is
taking
us,
you
know
it's
completely
forbidden
to
maintain
state
in
the
network,
but
actually
it's
not
other
concepts.
I
Discuss
in
these
ID
are
different
types
of
firewalls.
First
one
is
context
or
some
base
firewalls.
These
are
probably
the
firewalls
that
you
know.
People
generally
assume
when
you
talk
about
firewalls.
Essentially,
there
is
a
perimeter
that
is
supposed
to
separate
between.
You
know
the
eagle
notes
and
the
ones
that
are
not
so
evil
and
that's
where
the
security
policy
is
enforced.
I
What's
next
some
stuff
about
firewall
in
strategies.
This
is
well
known.
Two
different
policies
that
are
usually
enforced
default
in
I,
Andy,
Forssell
Oh,
probably
the
most
widely
used
for
the
general
case,
is
to
fall
deny
when
you
obviously
deny
everything
unless
explicitly
permitted.
It
fails
on
the
safe
side
when
it
comes
to
security.
But,
of
course,
when
you
have
those
devices
deployed,
if
there
are,
for
example,
new
protocols
or
features
that
need
to
be
deployed
I
quite
a
few
times,
they
are
blocked
and
it's
hard
to
get
rid
of
these.
These
policies.
I
In
many
cases,
when
you
and
forth
firewall
rules
there
the
assumption
that
the
addresses
and
the
ports
are
stable
to
some
extent
or
another
when
it
comes
to
erase
stability.
These
changes
a
little
bit
with
ipv6
ipv6,
has
the
concept
of
privacy
addresses,
which
means
that
if
you
were,
for
example,
allowing
a
specific
system
to
get
to
a
specific
server.
Well,
the
addresses
are
going
to
change
and
you
know
that
changes
the
game
a
little
bit
in
this
respect,
there's
also
an
assumption
about
transport
protocol
numbers.
I
I
The
idea
that
the
board
is
stable
than
you
that
you
can
filter
the
therapist
varies
on
the
port.
It
works,
but
it's
more
of
a
shortcut
or
a
kludge
that
it
should
that
is.
It
is
of
a
general
principle
if
you
want,
and
as
a
result
of
the
where
we
talked
before
about
the
Assumption
important
burrs,
there's
a
tendency
to
multiplets
applications
on
port
numbers
that
are
known
to
be
generally
alone.
E
B
J
There
is
no
the
previous
slide
when
you
were
saying
that,
with
respect
to
protocol
numbers
that
you
assume
that
they
are
well
known
at
the
port
numbers
that
are
used
as
true
for
traditional
firewall,
but
the
next-gen
firewalls
today,
they
actually
scan
for
protocols
on
a
number
of
different
port
ranges
right.
So
this
demonstration.
I
J
I
That
what
we
were
mentioning
before
I'm,
not
saying
that
it
doesn't
really
happen,
but
it's
not
just
that
they,
for
example,
the
case
of
the
ftp
ports.
There
were
devices
that
could
you
know
analyze
that
since
the
long
time
ago,
but
when
I'm
saying
is
that
quite
a
few
times,
it's
assumed
that
the
port
number
is
like
static
when
it
is
not
and
also
at
the
same
time
when
you
have
a
situation
which
the
poor
ends
up
being
dynamic
or
the
firewall
device
needs
to
understand
the
protocol
that
it's
going
to
inspect.
I
Ok,
so
that's
the
challenge,
I'm,
not
saying
that
it's
not
doable
or
that
you
should
do
it
or
that
you
should
not.
But
quite
usually
we
assume
that
you
know
you
can
identify
the
bottom
and
block
a
service
based
on
the
board,
and
that
is
not
necessarily
the
case.
Yeah.
J
I
I
Obviously,
this
scales
will
but
at
the
same
time
doesn't
allow
you
to
Alyssa
enforce
such
a
power
of
filtering,
because
obviously
you
are
making
the
decision
just
on
the
contents
of
a
single
packet,
not
to
mention
the
fact
that
if
you
want
to
get
deeper
into
the
packet-
and
you
think
about
like
transport,
layer,
segmentation
or
IP
fragmentation
and
so
on,
just
looking
at
the
single
packing
is
not
usually
going
to
help
you
much.
I
Then
there
is
a
stateful
filtering
in
which
the
decision
is
based
not
only
on
the
common
packet,
but
also
on
existing
or
lack
of
previous
state.
It
allows
to
do
more,
powerful
filtering.
It
doesn't
scale
well
because
well,
you
have
to
keep
stayed
about
the
ongoing
flows
and
another
no
topic
or
point
that
should
be
made
here.
I
I
think
this
is
the
final
one.
There
are
many
firewall
products
that
try
to
enforce
protocol
syntax,
and
this
essentially
means
that
if,
for
example,
if
you
grab
some
protocol
specification-
and
there
are
we
sir
bits
that
are
required
to
be
set
to
zero,
but
then
ignore
by
the
system
that
receives
those
packets,
well,
these
firewalls
check
those
bits
and
if
they
are
said
to
a
different
value,
let's
say
it's
not
serious
said
to
one:
they
drop
the
packet.
There
are
many
unfortunate
stories
related
to
this.
I
I
K
Lee
Howard
some
I'm
working
on
a
pretty
thorough
review
of
the
document.
I
K
Those
are
great
things.
That's
one
of
my
comments
was
in
the
first
section
that
I've
read.
Clearly,
you
define
firewall
as
being
something
that
looks
at
packets,
basically
based
on
layer,
3
or
layer
for
information.
Some
of
this
is
layer,
7
information
which
can
be
a
firewall
function
and
I.
Think
of
that
as
being
a
firewall
but
needs
to
be
defined.
Your
definition
of
firewall
needs
to
include
a
layer,
7
firewall
function,
as
opposed
to
some
of
the
other
things
that
I
think
are
a
little
bit
different
it
for
it.
K
K
I
Personal
opinion,
that
is,
that,
for
this
particular
document,
I
will
stick
on
what
we
think
is
a
file
to
keep
the
problem.
Tractable
I
shouldn't
included
it
here,
but
if
it
was,
if
there
was
a
previous
experience,
moving
this
document
forward,
just
focusing
on
fri
walls,
if
you
want
to
address
all
that,
I
think
it's
going
to
be
much
harder,
not
that
we
shouldn't
discuss
that,
but
two.
D
E
This
might
be
a
questioner
for
you
or
for
lee
the
deer
or
somebody
you
know
just
listening
to
that
conversation
sounds
like.
Maybe
we
have
the
title
of
the
draft
wrong
title
of
the
draught
might
be
perimeter,
security
considerations
or
something
like
them.
That's.
L
D
G
Yeah,
so
I
just
wanted
to
observe
that
I
think
middle
box
taxonomy
and
the
ITF
is
something
of
a
full
contact,
sport
and
but
I.
Think
there's,
there's
probably
a
big
tent
definition
of
what
firewall
functions
are
rather
than
what
is
or
is
not
a
firewall,
because
the
things
that
I
use
is
firewalls
in
my
day
job
and
which
are
all
stateless,
most
people.
Think
of
as
the
ethernet
switches,
for
example,
and
at
the
same
time
you
know,
I,
PS
and
ids
devices
certainly
have
acl's
in
them
and
those
acl's
operating
conjunction.
G
G
L
L
L
Al
Borden
is
a
right
now
co-chair
of
the
25
year
old,
BMW
G,
where
we
tried
to
treat
an
update
of
our
firewall
benchmarking
draft
in
the
last
I.
Don't
know
if
I'm
done
in
a
while,
but
what
what
we
wanted
to
do.
The
gentleman
proposing
wanted
to
do
was
to
widen
the
scope,
and
so
the
term
we
used
was
content
aware,
and
that
covers
just
about
anything.
L
You
want
it
to
cover
and
I
would
suggest
that
you
might
look
at
that
definition
and
see
how
you
might
want
to
fine
tune
it,
but
at
the
same
time,
I
appreciate
your
desire
to
keep
this
tractable
and
you
start
going
to
need
a
definition.
For
you
know
the
draw
the
scope
around
this
firewall
isn't
necessarily
going
to
do
it.
I
also
recommend
you
take
a
look
at
the
the
giraffes
he
wrote.
It
was
if
you
just
look
in
the
the
tools
search
under
draft
Hamilton.
L
J
Slamming
andreasen
so
I
apologize
in
advance.
I
missed
the
beginning
of
the
meeting
and
I
only
skimmed
the
draft.
But
what
is
your
goal?
What
are
you
trying
to
achieve
with
this
draft,
and
you
know
to
give
a
little
bit
more
context
around
this
I
mean
firewall,
is
just
one
of
several
inline
security
functions
that
you
will
find
right.
So
what
is
it?
That's
unique
about
firewalls
that
you
want
to
hone
in
on
here.
I
There
are
different
possible
things
that
you
could
bring
back
home
as
a
result
of
this
work.
First
of
all,
are
these
ones
that
are
mentioned
here,
usually
when
you,
when
you
participate
sorry
I,
when
you
see
a
discussion
on
files,
for
example,
and
that's
something
that
was
actually
took
place
when
we
post
the
announcement
like
Falls,
for
example,
arguing
that
you
know,
network
fire
was
had
no
sense
at
all
nowadays
that
everything
should
move
to
the
heart
to
the
in-house,
and
that's
where
the
you
know,
protection
should
be
perform.
I
I
think
that
there
are
things
that
are
missing
there
in
that
discussion
and
I.
Think
part
of
the
stuff
that
these
document
discusses
clarifies
a
little
bit
w
I
think
that's
one
part
of
it.
There's
other
things
that
just
for
example,
and
I,
don't
recall
on
which
mail
unless
I've,
so
the
discussion,
I,
think
or
was
sunday
on
openbsd
mailing
list
in
which
a
guy
was
using
ipv6,
and
he
was
complaining
because
his
services
were
changing
all
the
time.
I
So
he
was
like
using
scripts
to
try
to
reconfigure
the
firewall
so
that
the
fiber
roots
would
be
updated.
As
a
result
of
the
new
addresses
that
that
were
being
selected
by
the
devices,
that's
an
implicit
assumption
that,
for
example,
in
the
case
of
ipv4,
generally
work,
but
it's
more
of
a
shortcut
or
a
closed.
It's
not
something
that
you
can
really
rely
on
and
the
stuff
that
we
analyze
here.
I.
I
Think
that
the
analysis
and
given
these
a
thought
is
helpful,
and
then
there
are
other
things
like
when
we
were
discussing
this
ID
on
the
mailing
list.
There
were
DNS
fault,
for
example
that
say
yeah
well,
you
know
it
will
deploy
NTN
esic.
We
find
that
these
packets
are
filtered.
These
other
ones
are
filter
and
so
on,
and
probably
as
part
of
the
broader
discussion
that
we
are
having
here,
for
example,
on
this
topic
of
enforcing
protocol
synthesis
at
the
file,
I
guess
one
of
the
you
knows
possible.
J
Ok,
so
to
follow
up
on
that,
it
sounds
like
it's
not
the
fact
that
it's
a
firewall.
That's
doing
that!
That's
really
all!
That's
in
all
that
interesting!
You
have
specific
issues
with
certain
protocols
that
are
being
mishandled
by
intermediaries
and
that's
what
you
want
to
I
thought
you
meant
and
come
up
with
some
recommendations.
A
B
A
G
Yeah,
we
find
my
notes
here
yeah.
So
one
of
the
documents
that's
been
before
us
before
I
was
an
update
to
the
ayana
private
enterprise
numbers
registry,
which
obviously
features
prominently
in
SNMP
and
several
other
protocols
as
enterprises,
age,
age
and
you
know,
produce
more
mids
end
up
in
mergers
and
acquisitions
and
so
on.
Keeping
track
of
the
various
entities
that
actually
have
stuff
registered
gets
somewhat
hard
and,
of
course,
new
variants
of
the
same
company
come
back
and
ask
for
more
private
enterprise
numbers
over
time.
G
So
there
has
been
some
work
on
the
I,
an
aside
to
update
the
policy
associated
with
that.
Unfortunately,
that
draft
is
actually
not
ready
for
adoption
here
or
ad
sponsorship,
because
the
INF
person
involved
in
being
the
author
has
left
the
organization
and
so
we're
in
search
of
a
new
author
and
should
have
and.
G
Something
in
place
before
I
TF
95,
so
we
hope
to
bring
the
discussion
about
the
pen
or
industry
back
to
the
ops
AWG
mailing
list
here
in
the
near
future,
because
community
input
is
probably
required
on
that.
H
Right
so
I
want
to
do
a
quick
update
on
yang,
so
actually
I
did
a
full
presentation
in
the
net,
not
working
group
I,
don't
plan
to
repeat
the
for
plantations.
It
makes
sense
unless
there
is
like
really
interest
so
who
wasn't
that
mud
all
right
in
regularly?
So
let
me
give
you
a
quick
overview,
maybe
in
two
or
three
minutes
of
what
we
discussed
there
and
there
are
no
slides
right.
H
So
obviously
we
see
a
lot
of
yang
model
these
days,
maybe
between
170
and
260.
There
is
like
a
huge
file
in
there
that
we
can
extract
correctly.
What
I've
seen
in
the
stats
is
that
we've
got
more
and
more
extracting
correctly
even
during
the
week.
So
this
is
this
is
good.
People
are
updating
their
draft.
H
H
There
is
again
some
code
there
that
work
that
was
done
during
the
weekend.
It
will
be
posted
to
open
source,
whether
we're
helping
people
with
computation
every
single
yang
model
that
I
can
extract.
My
draft
there
is
like
compilation,
warnings
or
errors.
We
send
that
to
the
to
the
authors,
we're
helping
also,
for
example,
with
the
BBF
one.
We
had
one
of
the
adductors
helping
their
training.
We
did
training
on
net
company
yang
this
weekend.
This
is
currently
posted
on
the
edu
website.
It
will
be
also
available
on
YouTube.
H
H
Carnation
with
different
zios,
I
quickly
mention
that
the
big
step
right
now
is
to
coordinate
all
these
young
models
within
the
ITF.
I'm
sure,
if
you
want
you
a
lot
of
working
groups
where
the
keyword
yang
was
mentioned,
this
is
actually
a
good
problem
to
have
now.
If
I
compare
this
with
an
MP
where
all
the
map
were
coming
slowly,
we
need
to
solve
this
like
quickly
right.
This
is
the
good
challenge
that
we
have
and
I
think
thats
it
from
the
high
level
a
point
of
view
on
yang.
So
any
questions
or
feedback.
H
So
versioning
there
are
multiple
aspects
of
versioning.
One
is
to
make
sure
that
okay,
whenever
we
post
a
young
model,
there
are
people
who
want
to
quickly
update
those
young
models
based
on
code,
etc.
I'm
thinking
that
maybe
if
we
need
to
always
prison
RFC
in
order
to
produce
a
newer
version,
may
be
comparing
the
process
in
the
ITF
with
the
open
source
we
might
be
having
an
issue,
so
we
have
to
make
it
very
simple.
H
Typically,
we
could
do
service
composition
right
in
the
end,
we
want
to
have
services,
but
the
operators
will
be
testing
yes,
I'm
using
the
interface
yang
RFC
great,
but
maybe
I'm
using
a
draft
version
of
something
which
is
developing
yet
EF,
because
I
can
wait
forever
and
maybe
I'm
using
something
from
the
I
Triple
E
and
maybe
something
from
open
daylight,
and
there
is
this
service
composition
there,
and
if
we
want
to
go
to
service
number,
two
we've
got
a
different
set
of
versions.
There
that's
a
different
aspect.
H
G
Yeah
next
slide
word
so
I
briefly
wanted
to
talk
about
the
state
of
activity
in
my
side
of
operations
of
management.
I
think
it's
pretty
obvious
from
anyone
who
follows
the
mailing
list
that
DNS
up
is
kind
of
a
hot
spot
at
this
point
with
respect
to
activity
and
both
things
that
are
non-controversial
and
things
that
potentially
are
that
has
in
that
has
impact
if
we
don't
expeditiously
deal
with
it
elsewhere
in
the
ITF.
So,
for
example,
homenet
considerations
may
get
backed
up
behind
RFC
6761.
G
This
work,
if
we're
not
careful,
for
example,
so
we
need
to
be
pretty
clear
about
that.
Benchmark
methodology
working
group
celebrated
its
25th
birthday
at
this
meeting,
where
I
should
say
this
year,
but
it
also
I
have
seen
it
go
in,
fits
and
starts
because
there's
a
level
of
activity
and
then
it
goes
up
and
then
it
goes
down
and
through
all
of
that
it
has
been
shepherded
by
some
pretty
cool
heads
overcome
right
now.
G
It
turns
out
that
almost
everyone
in
the
ITF
seems
to
want
to
characterize
the
performance
of
virtual
resources
of
one
variety
or
another.
So
it
seems
like
that's
that
activity
is
I'm
going
to
be
in
the
forefront
of
many
people's
minds
for
some
time
to
come,
not
just
people
who
sell
virtual
test
equipment
on
the
other
side
of
things.
We
have
this
working
group
and
we
have
OPSEC
which
have
gotten
most
of
their
documents
done
on
the
next
slide.
G
Yes,
because
Warren
is
so
incredibly
efficient,
well
they've
been
around
for
a
little
while
too,
but
so
it's
not
bad
to
have
lolz
and
activity,
and
it's
also
not
bad.
If
working
groups
don't
meet,
but
what
I
want
to
try
and
avoid
is
losing
some
critical
mass
that
makes
these
working
groups
relevant
and
reduces
their
ability
to
do
work.
So
that's
something
that
we
get
to
keep
in
mind
with
respect
to
where
to
house
work
and
where
we
can
get
the
best
review
and
so
on.
I
think
one
note
on
that.
G
G
There
are
some
proposals
for
work
there
right
now,
but
there's
not
a
lot,
that's
hot,
so
we
may
see
that
cycle
in
and
out
again
it
was
my
first
working
group
as
a
chair
when
I
came
to
the
ITF,
or
it
may
be
time
to
finally
merge
it
with
this
one
next
slide,
please
yep
yep.
G
Opposite
ewg
on
our
illustrious
chair,
Scott
Brandner
has
indicated
that
he's
going
to
step
down
after
the
next
meeting
and
so
we're
going
to
lose
his
steady
hands
as
a
working
group
chair,
albeit
I,
hope
not
a
contributor
after
that.
So
we
will
be
looking
for
interest
in
volunteers
on
to
to
put
into
that
role
and
if
there
are
people
who
are
interested,
I'll
put
out
an
announcement
for
that
on
fairly
soon
after
this
meeting.
Thank.
B
M
A
That
is,
in
fact,
a
good
question,
I
suspect,
partly
because
the
previous
firewall
work
was
done
here.
Why
it
was
done
here
actually
is
possibly
a
good
route
question,
and
we
have
one
of
the
authors
here
and
we
have
another
one
of
the
authors
here.
So.
I
Actually,
when
we
grab
the
document,
we
were
unsure
where
to
discuss
the
document
for
instant.
When
we
publish
the
last
couple
of
revisions,
we
enunciated
even
to
TS
VW
g.
To
give
you
an
idea,
I
guess
the
reason
for
we
chose
this
working
group
because
it's
because
the
previous
version
of
the
document
was
here,
that's
it
ok,.
E
B
M
You
fuller
by
the
second
working
group,
because
it's
kind
of
defining
what
they
would
need
to
do
in
in
their
first
version
from
a
point
of
view
of
requirements,
and
we
would
like
to
send
it
to
the
beta's
community
and
my
question
is
whether
to
send
it
again
to
send
it
off
Syria
working
group
OPSEC.
What
would
be
the
right
community.
G
I
think
at
this
point
you
actually
probably
will
get
sledding
more
security
focused
folks
out
of
OPSEC.
Then
you
will
hear
the
overlap
is
extremely
high,
so
I
might
not
discriminate
between
them.
So.
A
G
I
I
Their
stuff,
for
example,
that
affected
transport
people,
and
usually,
do
you
don't
find
those
people
in
the
same
group
as
you
find
the
security
people
or
you
find
the
ops
people
somehow
well,
we
have
tried
to
do
was
to
announce
the
document
in
each
of
those
mailing
list,
but
it's
kind
of
like
hard
to
keep.
You
know
the
discussion
all
together
by
doing
that.
I
I
think
that,
even
if
you
from
my
personal
point
of
view
no
matter
what's
the
working
group
in
which
the
ID
is
targeted,
having,
like
you
know
at
least
it
like
a
forum
to
this
I,
don't
know
I'm
saying
that
Eddie.
Actually,
what
I'm
saying
is.
That
is
not
that.
We
have
like
an
extremely
good
reason
to
go
to
this
working
group
or
another
or,
but
that
actually,
the
fact
that
this
topic
covers
a
number
of
subjects
that
spun
like
different
areas
and
working
groups,
was
actually
a
challenge.
So
yeah.
B
L
Al
Morton,
al
Morton
and
Kath
Kathleen,
Moriarty
Rodin
internet-draft,
together
about
the
effects
of
ubiquitous
encryption
and
in
the
Prague
open
microphone.
I
got
almost
that
far
before
people
started
yelling
at
me.
Saying
we've
already
talked
about
that
today
and
it
turned
out
it
wasn't
that
draft
at
all.
So
now,
I'm
back
I'm
trying
to
tell
people
to
take
a
look
at
this
draft
draft.
Wg
effective
encryption,
something
names,
something
like
that
it
was.
L
Some
some
organizations
have
gone
deep
into
encryption
and
found
out
how
blind
it
made
them
and
then
had
to
back
out
some
of
it
so
that
they
could
still
manage
their
networks,
and
this
is
kind
of
a
look
over
the
edge
to
say
this
is
all
the
stuff
that's
going
to
disappear.
If
you
encrypt
everything,
so
that
should
be
of
use
and
and
interest
to
operators.
Big
and
small
yep.
G
Yeah,
I
think,
there's
they're
definitely
concerns
from
specific
communities
about
what
happens
when
you
do
that.
So,
for
example,
satellite
network
operators
like
to
play
around
with
the
bits
in
the
header
and
they
like
to
play
around
in
the
contents
and
they
like
to
do
layer
7
through
10
kind
of
things,
to
content
in
some
cases,
and
they
have
rather
interesting
perspective
on
on
what
happens
when
you
have
a
pic
weirdest
encryption.
That
doesn't
mean
we're
entirely
sympathetic
to
them
in
many
cases,
but
but
I
think
they
deserve
to
be
hurt.
G
But
there
are
other
cases
where
what
goes
down
is
your
instrumentation
in
some
cases
as
network
or
as
as
content
providers
like
this
doesn't
look
that
exciting.
The
difference
to
me
on
weather
traffic
arrives
on
port
443
or
port
80
as
more
to
do
with
the
amount
of
time
it
takes
to
set
up
the
connection
than
it
does
to
do
my
performance
analysis
which
works
fine
since
I'm,
both
the
network
over
which
the
packets
arrive
and
the
terminating
point
on
which,
where
SSL
is
so
I,
get
to
look
inside
them,
but
ya,
know
I.
G
Think,
there's
a
there's.
A
lot
to
be
done
there
and
we
are
going
to
lose
some
things
and
gain
some
things.
A.
B
H
Want
to
stress
this
is
a
very
important
document.
I
press
myself
or
it'll
really
like
three
times
and
I
failed
miserably,
but
I
will
try
to
it
again
on
the
flight
way
way
back
home.
This
is
key
to
at
least
document
what
we're
going
to
lose
and
I'm
not
sure
everybody
understood
what
we're
going
to
lose
in
terms
of
magic
when
it
works.
But
thanks.
L
For
offering
to
read-
and
I
look
forward
to
your
review
and
by
the
way-
there's
some
urgency
on
my
part
to
get
this
done,
because
kathleen's
and
I
here
for
a
really
good
reason
and
then
in
a
few
months,
she's-
probably
not
going
to
be
able
to
work
on
this
draft
for
a
really
good
reason,
and
that
would
leave
me
stuck
alone
trying
to
do
this.
So
please,
let's
finish
it
up.
I
I.